I generally just close the page whenever I see one of those awful text based captcha, where you have to squint at the screen to even be able to tell 10% of the time what is written on those awful blurry squiggles.
Whatever you're selling, unless I can read it and type it easily/quickly, it ain't worth my time.

you sound like the helpless baby boomers that bug the staff and ask questions when the answer to those questions is right in front of them. dont you have a homeowners association to run, a voting booth to visit, or a AARP magazine to read?

While I mostly agree with you, and have seen more than one CAPTCHA that I can't solve no matter how many times I refresh, I have to disagree with you on the homeowners' association. While I agree that community is a good thing, and am in favor of community leagues that actually focus on community issues instead of rules about paint colors and whether basketball goals are allowed, almost every homeowner's association I've seen has been a way for the couple of people with the time and desire for control to o

at some point after he originally stained it they decided the previously allowed colors were no longer allowed.

Homeowners associations have very little actual power. I would have told the home owner's association to take a hike.You can't make a law after the fact. If this is true there is no way this would have held up in court. I've heard rumors ofcrazy homeowner's associations demanding crazy stuff but to actually enforce it is expensive as you have to takethem to court to enforce it and many times the court will still decide in the actual homeowner's favor.

Off topic, but, are you kidding? These homeowners associations are in the news all the time for the egregious stuff they perpetrate. Just one memorable example: They took the paid-for home of a soldier who missed some assessment because he was busy fighting in Iraq or Afghanistan. He only got it back when the media caught on to it, and his congressman stepped in. Do you really think that contract you signed isn't enforceable?

The only news story I've ever seen was one in florida where an old person's neighborhood was attempting to evict someonebecause they had a "no children" policy. The media was as usual making a big deal about it but the homeowner's associationhad spent months trying to evict her. Yes, the contracts are enforceble and if you're in the wrong then you can be found guiltyin court but it's a long drawn out process for both sides. Where I'm from (middle of missouri), there are all kinds of crazyclauses like how

Man if these start showing up, They're going to look exactly like those "hit the target 3 times to win" flash-based advertisements. I'll probably glaze over them multiple times trying to submit a form before I notice that a 'completing the game' captcha is what's preventing me from leaving my incredible razor wit splattered all over someone's comments section.

Looks like this is based on a fixed set of games and images. Just teach the bot all of them, and you are done. If this is self contained software I can install on my site, all the info you need to feed the bot is already packaged up in the source.

For things like this to defeat bots they have to rely on hard to invert functions, like rendering randomly warped things. Picking a few items from a lookup table is easily inverted by a bot.

Something that has to be interacted with, through a view controlled by Javascript will not be trivial for a bot to solve. I know the typical response to this is "well I don't enable Javascript!!!" but these voices are now a tiny minority of users, who doubtless have all sorts of problems using the web now. Disabling JS in a browser is like disabling Excel's ability to automatically perform calculations on cells.

For deaf users, the choice could be from a number of sounds - maybe with filters added to prevent

The nice thing about current text-based CAPTCHAs is that they can be applied to any website, whether large or small, and require very little input or tinkering from individual web administrators. The other nice thing about this is that they have an infinite number of possible variations, what with the different ways you can transform text.

This new idea would work great for a small site that will never be a target of a directed attack, but we already have hundreds of different CAPTCHA variations that can be used for that sort of thing. I use a simpler but similar idea on one of my sites, where I have new registrants drag words into matching categories that I set up. I've had zero bot registrations since I set it up a few years back, and a number of comments from actual users that love the system.

But if you apply something like what I use or this new idea to a site like Google, the folks trying to break in will inevitably code up algorithms to handle each of the finite number of minigames they set up with their finite number of items in them, rendering the whole thing pretty useless. The only way to get infinite variation out of it is to start applying image transformation to the items being used so that they can't be as easily identified, and if you start doing that, you're right back where we are now.

So, you're telling me that we can get the spammers to program better AI for us?

That will be their undoing. When the spammers create an AI good enough to solve any human-solvable captcha, then the AI is smart enough to tell spam from non-spam. So we'll use their AI as a forum moderator. Anyone can post, the spam will just not be seen.

To help with this, lets make a captcha that ask the user "is this message spam?" With an ever-growing database of spam and nonspam. As soon as the spammers make an AI for that .

the finite number of minigames they set up with their finite number of items in them, rendering the whole thing pretty useless.

There might not be a benefit to that outcome, but a "good" CAPTCHA system does have a good outcome when it's broken.

I was talking to the guy who started reCAPTCHA many years ago, and his idea was that the OCR work they were farming out was too tough for algorithms to beat. As long as bots could not do better than humans, reCAPTCHA would be offering a valuable service. As soon as

Its not just working at google scale, its human-nets paid pennies by spammers to solve captchas. If it is machine-unsolvable this will happen as long as there are people poor enough to work at such menial tasks for low wages.

There are many different types of disabilities. Some people can't watch a moving picture, but otherwise are still perfectly functional.
Having friends who have some disabilities, it is very wrong to pidgin-hole someone, because while they may be disabled in one area, they may be genious in another.
Look at Stephen Hawking, for example. One of the smartest people alive, and can't move anything. Any sort of moving captca will totally eliminate him.

More to the point the web site needs to comply with disability legislation. In the UK blind/partially-sighted people must, by law, be able to use the web site. This is one of the advantages of CSS - you can keep the site clean so that it works well with a screen reader. In theory a web site (owner) can be prosecuted for disciminating against people who have sight problems, in practice this does not happen very often.

So: all the bot would need to do is to claim to be blind and so avoid the game playing CAPTC

The problem is that you can really only come up with a finite number of these, and once an attacker has a large enough sample of them (say, 10%), he can simply write a bit of code to 'solve' each one.

The thing about CAPTCHAs that makes them great is that you can randomly generate a huge bunch of them.

Anyway, the headline so completely misrepresents this research that it basically says the opposite of what the researchers are saying. The researchers, in fact, created an automated system to solve DCGs! Their contribution was a system that detects 'crowd-sourcing' attacks - attacks where shady companies pay volunteers pennies to solve CAPTCHAs by hand. The researchers said they are going to work on improved DCGs that can't be solved automatically, but nothing of the sort is being unveiled here.

"For example, in a "ship parking" DCG challenge, the user is required to identify the boat from a set of moving objects and drag-and-drop it to the available "dock" location."
This is worse than CAPTCHA

I can't remember where, but I've seen this in use this past week. When I saw it, first thing I thought was that this was one of those annoying ads disguised as a game that are out there. Still, once recognized for what it was, it was simple, much less a pain in the a$$ than the text based CAPCHAs.

And how will even the best, most fool-proof Capcha protect you from a spam bot system that passes that game, or other capcha, to some people farm in a foreign country? Or just to visitors to some other website that gets high enough traffic for the spammers to post sufficient volume of spam?

This, by itself, cannot solve the issue.

The issue is not "Prove that there is a human there".

The issue is "Prove that you, right there, right now, are a human, and not being passed to someone else, elsewhere".